'\" t
.\"     Title: pam_sm_chauthtok
.\"    Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
.\"      Date: 11/18/2024
.\"    Manual: Linux-PAM Manual
.\"    Source: Linux-PAM
.\"  Language: English
.\"
.TH "PAM_SM_CHAUTHTOK" "3" "11/18/2024" "Linux\-PAM" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_sm_chauthtok \- PAM service function for authentication token management
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_modules\&.h>
.fi
.ft
.HP \w'int\ pam_sm_chauthtok('u
.BI "int pam_sm_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
.SH "DESCRIPTION"
.PP
The
\fBpam_sm_chauthtok\fR
function is the service module\*(Aqs implementation of the
\fBpam_chauthtok\fR(3)
interface\&.
.PP
This function is used to (re\-)set the authentication token of the user\&.
.PP
Valid flags, which may be logically OR\*(Aqd with
\fIPAM_SILENT\fR, are:
.PP
PAM_SILENT
.RS 4
Do not emit any messages\&.
.RE
.PP
PAM_CHANGE_EXPIRED_AUTHTOK
.RS 4
This argument indicates to the module that the user\*(Aqs authentication token (password) should only be changed if it has expired\&. This flag is optional and
\fImust\fR
be combined with one of the following two flags\&. Note, however, the following two options are
\fImutually exclusive\fR\&.
.RE
.PP
PAM_PRELIM_CHECK
.RS 4
This indicates that the modules are being probed as to their ready status for altering the user\*(Aqs authentication token\&. If the module requires access to another system over some network it should attempt to verify it can connect to this system on receiving this flag\&. If a module cannot establish it is ready to update the user\*(Aqs authentication token it should return
\fBPAM_TRY_AGAIN\fR, this information will be passed back to the application\&.
.sp
If the control value
\fIsufficient\fR
is used in the password stack, the
\fIPAM_PRELIM_CHECK\fR
section of the modules following that control value is not always executed\&.
.RE
.PP
PAM_UPDATE_AUTHTOK
.RS 4
This informs the module that this is the call it should change the authorization tokens\&. If the flag is logically OR\*(Aqd with
\fBPAM_CHANGE_EXPIRED_AUTHTOK\fR, the token is only changed if it has actually expired\&.
.RE
.PP
The PAM library calls this function twice in succession\&. The first time with
\fBPAM_PRELIM_CHECK\fR
and then, if the module does not return
\fBPAM_TRY_AGAIN\fR, subsequently with
\fBPAM_UPDATE_AUTHTOK\fR\&. It is only on the second call that the authorization token is (possibly) changed\&.
.SH "RETURN VALUES"
.PP
PAM_AUTHTOK_ERR
.RS 4
The module was unable to obtain the new authentication token\&.
.RE
.PP
PAM_AUTHTOK_RECOVERY_ERR
.RS 4
The module was unable to obtain the old authentication token\&.
.RE
.PP
PAM_AUTHTOK_LOCK_BUSY
.RS 4
Cannot change the authentication token since it is currently locked\&.
.RE
.PP
PAM_AUTHTOK_DISABLE_AGING
.RS 4
Authentication token aging has been disabled\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
Permission denied\&.
.RE
.PP
PAM_TRY_AGAIN
.RS 4
Preliminary check was unsuccessful\&. Signals an immediate return to the application is desired\&.
.RE
.PP
PAM_SUCCESS
.RS 4
The authentication token was successfully updated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
User unknown to password service\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam\fR(3),
\fBpam_chauthtok\fR(3),
\fBpam_sm_chauthtok\fR(3),
\fBpam_strerror\fR(3),
\fBPAM\fR(8)
